Last updated: May 2025
1. Who we are
Rosace Studio ("Rosace", "we", "us", "our") is a residential architecture studio based in London, United Kingdom. Our website address is rosace.co.uk.
For the purposes of UK data protection law, Rosace Studio is the data controller responsible for your personal information. If you have questions about this policy or how we handle your data, you can contact us at info@rosace.co.uk.
2. Information we collect
We collect personal information in the following ways:
Information you provide directly:
- Name and email address submitted via our contact form
- Any additional details you choose to include in a message to us (such as your phone number, project description, or property address)
Information collected automatically:
- IP address and approximate geographic location (at country/city level)
- Browser type and operating system
- Pages visited, time spent on pages, and how you navigated to our website
- Device type (desktop, mobile, tablet)
We do not collect any special category data (such as health information, financial data, or information about children). We do not run any paid advertising campaigns that track your behaviour across other websites.
3. How we use your information
We use the information we collect for the following purposes:
- To respond to your enquiry — when you contact us via the contact form, we use your name and email address to reply to your message
- To understand how our website is used — we use analytics data to improve the content and usability of our website
- To comply with legal obligations — where required by law, we may need to retain or disclose certain information
We will never sell, rent, or share your personal information with third parties for marketing purposes.
4. Legal basis for processing
We process your personal data under the following legal bases as defined in the UK GDPR:
- Legitimate interests — we process contact form submissions to respond to enquiries about our services. This is necessary for running our business and does not override your privacy rights
- Consent — where you have opted in to analytics cookies via our cookie banner, we process website usage data on the basis of your consent. You may withdraw this consent at any time
- Legal obligation — where applicable, we may process data to comply with a legal requirement
5. Cookies and analytics
Our website uses cookies — small text files stored on your device — to help us understand how visitors use the site. We use the following categories of cookies:
Strictly necessary cookies:
- These are required for the website to function correctly and cannot be switched off. They do not store any personally identifiable information. No consent is required for these cookies.
Analytics cookies (consent required):
- We use Google Analytics to collect anonymised data about how visitors use our website — including which pages are visited, how long visitors stay, and how they arrived at the site. Google Analytics sets cookies to distinguish users and sessions. This data is processed by Google LLC and may be transferred to servers in the United States under appropriate safeguards (Standard Contractual Clauses).
- Google Analytics cookies are only loaded if you have accepted analytics cookies via our cookie banner.
You can withdraw your consent at any time by clearing your cookies and declining via the cookie banner on your next visit, or by using your browser settings to block cookies. You can also opt out of Google Analytics tracking at all times via Google's opt-out tool.
6. Third-party services
Our website uses the following third-party services which may process data:
- Google Fonts — we load fonts from Google's servers. When your browser requests a font, Google may log your IP address. We have configured our font loading to minimise this where possible. Google's privacy policy is available at policies.google.com/privacy.
- Google Analytics — see the Cookies section above. Google's privacy policy governs the processing of data collected through Google Analytics.
- Netlify — our website is hosted on Netlify, which may process server logs including IP addresses as part of providing hosting services. Netlify's privacy policy is available at netlify.com/privacy.
We do not use social media tracking pixels, retargeting cookies, or any form of behavioural advertising.
7. How long we keep your data
- Contact form enquiries — we retain email correspondence for up to 3 years, after which it is deleted unless the correspondence relates to an ongoing client relationship
- Analytics data — Google Analytics data is retained for 26 months by default, after which it is automatically deleted by Google
- Server logs — Netlify retains server access logs for a limited period in accordance with their own data retention policy
8. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate or incomplete data
- Right to erasure — you can ask us to delete your personal data in certain circumstances
- Right to restrict processing — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a structured, machine-readable format
- Right to object — you can object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent (e.g. analytics cookies), you can withdraw consent at any time
To exercise any of these rights, please contact us at info@rosace.co.uk. We will respond within one calendar month.
If you are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk.
9. Data security
We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. Our website is served over HTTPS (encrypted connection). Access to email correspondence is limited to authorised members of the Rosace team.
While we take these precautions, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of information transmitted to us.
10. Changes to this policy
We may update this privacy policy from time to time, for example to reflect changes in our services or legal requirements. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically.
If you have any questions about this privacy policy or how we handle your personal data, please contact us: